DoD Data Destruction - What you Need to Know

December 28, 2018

When dealing with data destruction, there are specific standards that have been put out by the Department of Defense. The DoD data destruction standard most commonly cited is the 5220.22-M standard. This data sanitization method was used by the DoD and emerged in the early 90s when data destruction was beginning to emerge. This standard of destruction paved the road for independent companies to also use similar methods of data destruction in their own companies for commercial use.

The DoD 5220.22-M standard consists of a method of using multiple overwriting passes with the thought being that overwriting the original data various times will make it more secure. On the first pass, they overwrite information with binary zeroes, on the second pass they overwrite information with ones and on the third pass, they overwrite information with a random bit pattern. After the final overwrite, a certificate is completed to verify that the overwriting process took place.

Today, the U.S. Department of Defense no longer uses the 5220.22-M standard for classified data. Instead, they use a combination of wiping, degaussing and/or physical destruction for their data. As the DoD 5220.22-M standard was first created over 20 years ago, today, other data sanitization standards have begun to come into play such as the NIST 800-88. However, the process of overwriting data to protect the information, which was put into practice by the DoD 5220.22-M continues to be used today as an effective way to sanitize data.